Tens of thousands of legitimate websites have been compromised and have code add which will direct visitors to malicious websites. These iframes are smilar to the following (obfuscated, periods replaced with spaces):

<script src=”hxxp://www aspder com/1 js”> </script>

<script src=”hxxp://www 414151 com/fjp js”></script>

<script src=”hxxp://www nihaorri com/1 js”> </script>

Other domains used include:

banner82 com>

wowgm1 cn

direct84 com

wowgm2 cn>

killwow1 cn

wowyeye com

vb008 cn>

9i5t cn

computershello com

A large number of these iframes being inserted into code is due to sql injection through a form or querystring. All forms and querystrings need input checking and validation.

Here are some forum posts from other website owners who are discussing this: